ai-gateway

SUSPICIOUS. The stated purpose is plausible, but the key inconsistency is severe: a Vercel-branded gateway skill installs and relies on an unverified third-party CLI package not tied to Vercel’s documented tooling. Because that CLI receives the user’s AI Gateway API key and all prompt data, the skill presents a high supply-chain and credential-forwarding risk even though its user-facing function is coherent.